
DPM QFE installation

9:18 am in Uncategorized by mikeresseler

Our MMS presentation is in two weeks, and I already started building servers a while ago, but now that the DPM product team has released a QFE I decided to install it on my demo environment.  Many of you will say that this is a bad idea considering that MMS is so close and things could go wrong… but my trust in the DPM product team is high so I just went on with the installation :-)

As always, my advice is to read the entire knowledge base article carefully, to make sure that you understand how to install this.

One of the prerequisites for installing this is KB2223201 when DPM 2010 is installed on Windows Server 2008 R2, or KB2279787 when DPM 2010 is installed on Windows Server 2008.

Because I never installed the KB2223201 on that demo machine, I decided to have a look at what the issues could be…

The installer checks this, however, and I don’t get the chance to install the update without the hotfix.

Screenshot03

Make sure that you install this hotfix beforehand, because it requires a reboot, and that is something you don’t want to do in the middle of the day.

Now that I got rid of the hotfix prerequisite, I could start the actual installation

Screenshot05

Information about the jobs that will fail, and that a backup of the DPM database will be taken

Screenshot06

Accept the license agreement

Screenshot07

And that’s it, the installer is installing the update

Screenshot08

Press Close to finish the installation.  I left the Open DPM 2010 administrator console checkbox checked because I want to deploy the update to my agents ASAP, so that I can keep them protected

Screenshot09

As you can see, every agent requires an update.  By selecting them (or doing it one by one) and clicking on the update available link, you can start the upgrade process

Screenshot10

You will get a notification again that running jobs will fail, but then again, they would fail anyhow because you are not running the latest agent version :-)

Screenshot11

Screenshot12

And finally it is finished.

This was an installation for a single DPM server with the SQL dedicated on the same box.

If you have the SQL remotely installed, don’t forget to run the Sqlprep-KB2465832.msp (the x64 or x32 depending on your situation) BEFORE you start upgrading your agents.

If you have the DPM Management shell installed on a remote computer, then run the DPMManagementshell2007-KB2465832.msp

And if you have custom DPMRA ports then you need to do additional work after the installation (see the KB for information)

The same goes when you have IBM libraries, read the document carefully.

That’s it for today.

Next thing is testing the client protection with a non-admin user :-)

Cheers,

Mike

Remote install of DPM 2010 agents

8:57 am in Uncategorized by mikeresseler

It is a fact… From time to time, DPM won’t install the agent through the GUI.  And yes, most of the time, you then need to install it manually.  In the larger environments, we use different methods for our DPM agent deployments, but in the smaller ones, the infrastructure for doing that just isn’t there.

Hans De Leenheer, who is a colleague of mine, does quite a few DPM implementations with smaller companies as part of larger projects.  As he likes the words “a good admin is a lazy admin” (which is something I share with him :-)) he decided to create a small procedure to install the agents on servers remotely.  Now he doesn’t need to RDP to each server.

The procedure can be found here:

http://hansdeleenheer.blogspot.com/2010/08/remote-install-of-dpm-2010-agents.html

Thanks Hans,

Enjoy

Mike

From the forums: Manual agent installation on a DC or RODC

7:59 am in Uncategorized by mikeresseler

As promised in the previous post, here is already an interesting topic.

Many people seem to be having issues with installing an agent on a domain controller (DC) or on a read-only domain controller (RODC).  Whether it is through the automatic install or the manual install, sometimes it doesn’t work.  This can be due to various reasons, one of them being that the DC or RODC has been secured more strictly.

Below you can find a method for deploying an agent on a DC or RODC when you encounter this.  The method comes from Praveen D [MSFT]

1. Create and populate the following security groups on Primary domain controller: (Where $PSNAME is the name of RODC on which you are planning to install agent)
    a. Create DPMRADCOMTRUSTEDMACHINES$PSNAME  and add DPM server as a member
    b. Create DPMRADMTRUSTEDMACHINES$PSNAME and add DPM server as a member
    c. Add DPM server as a member of Builtin\Distributed com users group
2. Ensure that above changes are replicated on to RODC
3. Install agent on RODC
4. Grant launch and activate permissions for DPM server on DPM RA service by doing the following:
    a. Run "dcomcnfg"
    b. Expand Component Services ->  Expand Computers -> Expand My Computer -> Expand DCOM Config
    c. Right click DPM RA Service and select Properties
    d. Under ‘General’, "Authentication Level – Default"
    e. Under ‘Location’, only "Run application on this computer" should be checked
    f. Under Security, verify that the "Launch and Activation Permissions" (select > "Edit") include the machine account for the DPM Server and Allow
    g. Click OK
5. Copy setagentcfg.exe, traceprovider.dll and LKRhDPM.dll from "c:\Program Files\Microsoft DPM\DPM\setup" on DPM server and place them in "c:\Program Files\Microsoft DPM\DPM\setup" on RODC.
6. Run "setagentcfg.exe a DPMRA domain\DPMserver"  on RODC using an elevated command prompt. (Run setagentcfg.exe from the location above i.e c:\Program Files\Microsoft DPM\DPM\setup)
7. If  a firewall is enabled on RODC run the following commands:
    a. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-29502" new enable=yes
    b. netsh advfirewall firewall set rule group="@FirewallAPI.dll,-34251" new enable=yes
    c. netsh advfirewall firewall add rule name=dpmra dir=in program="%PROGRAMFILES%\Microsoft Data Protection Manager\DPM\bin\DPMRA.exe" profile=Any action=allow
    d. netsh advfirewall firewall add rule name=DPMRA_DCOM_135 dir=in action=allow protocol=TCP localport=135 profile=Any
8. Attach agent on DPM server, now you are ready to protect the RODC.
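
As an added check (not part of Praveen's procedure or the original post), the following PowerShell, run elevated on the RODC before step 8, confirms the group memberships from step 1 and the firewall rules from steps 7c and 7d. It assumes the ActiveDirectory module is available and that `netsh` output is in English; `DPMSERVER` is a placeholder name.

```powershell
# Added verification sketch (not from the post). Run elevated on the RODC.
param(
    [string]$RodcName  = $env:COMPUTERNAME,  # the $PSNAME of step 1
    [string]$DpmServer = 'DPMSERVER'         # placeholder: DPM server computer name
)
Import-Module ActiveDirectory
$results = @()

# Steps 1-2: the DPM server's computer account must be a member of all three
# groups, as seen in the RODC's own replicated copy of the directory.
$groups = "DPMRADCOMTRUSTEDMACHINES$RodcName",
          "DPMRADMTRUSTEDMACHINES$RodcName",
          'Distributed COM Users'
foreach ($g in $groups) {
    try {
        $members = @(Get-ADGroupMember -Identity $g -Server $RodcName -ErrorAction Stop |
                     ForEach-Object { $_.SamAccountName })
        $ok     = $members -contains ($DpmServer + '$')
        $detail = if ($ok) { 'DPM server is a member' } else { 'DPM server is NOT a member' }
    } catch {
        $ok = $false; $detail = "lookup failed: $($_.Exception.Message)"
    }
    $results += New-Object psobject -Property @{ Check = "group $g"; Ok = $ok; Detail = $detail }
}

# Steps 7c-7d: both added rules must exist and be enabled. RemoteIP is reported
# because neither command in the post sets it, so the rules accept any source.
foreach ($rule in 'dpmra', 'DPMRA_DCOM_135') {
    $out = (netsh advfirewall firewall show rule name=$rule) | Out-String
    $ok  = ($out -match 'Rule Name:') -and ($out -match 'Enabled:\s+Yes')
    $remote = if ($out -match 'RemoteIP:\s+(\S+)') { $Matches[1] } else { 'unknown' }
    $detail = if ($ok) { "enabled, RemoteIP=$remote" } else { 'missing or disabled' }
    $results += New-Object psobject -Property @{ Check = "firewall rule $rule"; Ok = $ok; Detail = $detail }
}

$results | Select-Object Check, Ok, Detail | Format-Table -AutoSize
# Non-zero exit code if any check failed, so the script can gate step 8.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

A `RemoteIP=Any` result on `DPMRA_DCOM_135` means TCP 135 on the domain controller is reachable from every source on every profile, which is worth reviewing against your firewall policy.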

Cheers,

Mike

Getting the Client-protection working

8:43 am in Uncategorized by mikeresseler

Hey All,

One of the exciting features of DPM 2010 is the improved client protection of workstations.  In this post, I’ll give some more information about it.  To make it a bit tricky, I decided to try to install the agent on a workstation (Windows 7, 32-bit) that:

a. Resides in a different domain (but a fully trusted domain)

b. Is not in the office but connected through a VPN, sitting at home

Since I assume that client protection will be getting more and more attention from companies, I decided to test it out thoroughly.  Both for the installation and the first synchronization I decided not to follow the guidelines but really try to do the worst scenario.

 

1. The installation

Installing the client is the same as installing a server.  Manuals from the beta (before the RC) mentioned that I should install it manually (or through solutions such as SCCM or SCE) but I thought that it also would be possible to do this through the UI.

image

I start by taking the “Install agent” option since I hadn’t installed it yet.  Note also the “Attach agents” option, which can be used when an agent is installed manually.

image

Now I need to select the workstation.  The wizard will only list the workstations and servers from the domain that the DPM server resides in, so to connect to my workstation on another domain, I had to type the FQDN in the box

image

Here I can enter the credentials for a user that has administrative rights on the workstation in that domain

image

I decided here not to restart the workstation automatically; instead, I wanted to test whether a restart is really necessary, which could be a killer in very large environments.

image

Finally, the summary and ready to install.  Now one little note drew my attention: The computer may momentarily lose network connectivity during installation.

Since the workstation is on a client vpn, this could be tricky :-)

Also, before you can actually do this, you need to make sure that your firewall is configured correctly.  I failed the first time because my firewall was configured incorrectly.

clip_image001

And then the screen of success came.  Now I didn’t see the client lose network connectivity, and if it did, then it had to be very short because my VPN tunnel didn’t drop so that seems to be working.

Now let’s look a bit at the changes on the client.

First, I found two new services

image

Second, here’s how the Client UI looks:

image

This client already has a policy, but how that works I will explain in the next post.

Lessons learnt:

* It is possible to install the agent on a workstation through the GUI from DPM itself.

* You can do it over a VPN connection

* Windows 7 doesn’t need to reboot afterwards

* The DPM client UI will show a small icon in the notification area after the reboot, but you can start it without rebooting by starting the DPM UI manually

* In Windows 7, when you want to see this icon, you need to change the notification settings

clip_image001[4]

And this is the icon, and more information when you right-click on it

clip_image001[6]

image

The last picture is from a client that is disconnected from the server

All right, next post: Create a protection group and do the first synchronization, over the VPN of course :-)

Cheers,

Mike